Smart Enough Not To Build This Website

How do you know that send me my password doesn’t in fact send a temporary password, with instructions to reset the password?

You cannot assume from this screen that the password isn’t encrypted/salted. You cannot assume that the email to the user isn’t encrypted either.

this captcha is always orange, and here we are bashing something else

The mistake is that the Events tab is chosen when you’re on a forgot password form. It means they are not using any cool framework for development, or at least misusing some framework.

I wouldn’t work for them either.

#Jo

If the email address you submit matches the email address in our system, you will receive an email that contains your current password.

YOUR CURRENT PASSWORD

What’s not so clear, you dumb mensite.

It pays to consider the level of security in the context of what’s being protected. Quite frankly, I could care less if any of many of the web sites I have accounts on were compromised. The password more often protects their interests, not mine. Of course, if the account is at all sensitive with membership information (as is likely the case here), there may be a problem.

Since you’ve sent readers on a wild goose chase by not explaining the problem that we should be discussing, I’ll withhold any further comment. Depending on which can of worms you actually open on us in a later post, I’ll be able to better elucidate in context.

if you know an existing mensa member’s email address it might be kind of fun to spam them by hitting the ‘Send me my password’ button a couple hundred times …

I’ve always found it funny that Mensa means stupid in Spanish.

yawn who cares? I’d have preferred to have you mention the WTF and then perhaps expound on a few alternatives.

Well, it’s Mensa which means many, many smart people. Maybe their coders were able to break SHA, MD5 or whatever hash alg they are using… The only question is why they keep it secret?

Everyone seems to be missing what was blindingly obvious to me…

Know someone’s email address? Find out if they are in mensa…

Not particularly… private.

So many websites are culprits of this.

It’s not a good idea to tell we don’t have the entered email address in our system, easier and safer to give the same response whether we sent an email or not.

I was in MENSA once. I got tired of hanging out with those people. I was stunned at how many of these supposedly brilliant people either held down the lamest jobs you could imagine (one guy was the nighttime cleanup guy at a dive bar). And those were the ones that could hold down a steady job! Most of them dressed like a bunch of slobs and smelled like they never showered.

Silly people, the real issue is that you don’t put the word Colloquium on a website. I mean, what the heck does that mean… stupid fancy Latin word users! :wink:

Never like the password being sent to me. Better to have a reset password link, I think.
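
The two suggestions above (the same response whether or not the address is known, and a reset link instead of mailing the password), as an added example that is not part of the original comments. The in-memory stores, the `outbox` list standing in for the mail system, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

GENERIC_REPLY = "If that address is registered, a reset link has been sent."
TOKEN_TTL = 900      # token lifetime in seconds (constructed value)

users = {}           # email -> (salt, password hash); no plaintext is stored
reset_tokens = {}    # sha256(token) -> (email, expiry); raw token is not stored
outbox = []          # hypothetical stand-in for the mail system

def _hash_pw(password, salt):
    # Salted, slow hash: the site cannot mail back "your current password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def register(email, password):
    salt = secrets.token_bytes(16)
    users[email] = (salt, _hash_pw(password, salt))

def request_reset(email, now=None):
    now = time.time() if now is None else now
    if email in users:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        reset_tokens[digest] = (email, now + TOKEN_TTL)
        outbox.append((email, token))   # the link carries a token, never a password
    # Identical reply either way, so the form does not reveal membership.
    return GENERIC_REPLY

def redeem_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = reset_tokens.pop(digest, None)   # pop makes the token single use
    if entry is None or now > entry[1]:
        return False
    register(entry[0], new_password)
    return True

def check_password(email, password):
    record = users.get(email)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _hash_pw(password, salt))
```

Response timing can still differ between the two branches of `request_reset`; sending the mail from a background queue evens that out.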

It isn’t some hidden password trick, it’s that they are on the events tab (look on the side bar) and up pops the password retrieval page.

I didn’t get the whole idea of the post. I am in a puzzle.

Owh I know, the web colours are mismatched!

So which one were you thinking of? Not storing the password as a hash, or sending the email through an insecure communications method?

@Startlogic Review
Nobody got the idea of this post. We are just pretending.

… and it doesn’t take too much googling to figure out the email addresses of some mensa people.

‘Your password has been sent to you via email.’

colloquiUm?
I’m not native English, but in Latin IIRC it was spelled another way…